Rengine

reNgine is a web application reconnaissance suite with focus on a highly configurable streamlined recon process via Engines, recon data correlation, continuous monitoring, recon data backed by a database, and a simple yet intuitive User Interface. With features such as sub-scan, deeper co-relation, report generation, etc. reNgine aims to fix the gap in the traditional recon tools and probably a better alternative for existing commercial tools.

https://github.com/yogeshojha/rengine

DOCKER!!!!

Features

Reconnaissance: Subdomain Discovery, IP and Open Ports Identification, Endpoints Discovery, Directory and Files fuzzing, - Screenshot gathering, Vulnerability scan using Nuclei, WHOIS Identification, WAF Detection etc.
Highly configurable YAML-based Scan Engines
Support for Parallel Scans and Subscans
Automatically report Vulnerabilities to HackerOne
Recon Data visualization
OSINT Capabilities (Meta info Gathering, Employees Gathering, Email Address with an option to look password in the leaked database, - dorks, etc.)
Customizable Alerts/Notifications on Slack, Discord, and Telegram
Perform Advanced Query lookup using natural language alike and, or, not operations
Recon Notes and Todos
Clocked Scans (Run reconnaissance exactly at X Hours and Y minutes) and Periodic Scans (Runs reconnaissance every X minutes/- hours/days/week)
Proxy Support
Screenshot Gallery with Filters
Powerful recon data filtering with autosuggestions
Recon Data changes, find new/removed subdomains/endpoints
Tag targets into the Organization
Identify Interesting Subdomains
Custom GF patterns and custom Nuclei Templates
Edit tool-related configuration files (Nuclei, Subfinder, Naabu, amass)
Add external tools from Github/Go
Interoperable with other tools, Import/Export Subdomains/Endpoints
Import Targets via IP and/or CIDRs
Report Generation
Toolbox: Comes bundled with most commonly used tools such as whois lookup, CMS detector, CVE lookup, etc.
Identification of related domains and related TLDs for targets
Find actionable insights such as Most Common Vulnerability, Most Common CVE ID, Most Vulnerable Target/Subdomain, etc.

reNgine does not support custom dork as of now, and support is provided for these dorks:

supported options for dork

stackoverflow
3rdparty
social_media
project_management
code_sharing
config_files
jenkins
wordpress_files
cloud_buckets
php_error
exposed_documents
struts_rce
db_files
traefik
git_exposed

gf_patterns

You can now use gf patterns on the gathered URLs. Supported options are combination of these patterns.

gf_patterns available options

debug_logic
idor
img-traversal
interestingEXT
interestingparams
interestingsubs
jsvar
lfi
rce
redirect
sqli
ssrf
ssti
xss

Active Scanning

Consists of

Gathering Host Information

Gather Identity Information

Gather Network Information

Gather Org Information

Open Technical Infomation

References

What is OSINT?

Tools

Shodan

Huntr

HackerOne

Maltego

Recon-ng Framework

Ahmia.fi

Wayback Machine

theHarvester

TinEye

OSINT Framework

FFUF Tool

Lepus Tool

tomnomnom tools in Rengine

theFuzz (formerly known as fuzzywuzzy)

Lepus

CNAME Records

NMAP

MASSCAN: Mass IP port scanner

Naabu (in Rengine)

Rengine

Cross-origin resource sharing (CORS)

Password Reset Vulnerability

SNMP and HOST Header Injection

Clickjacking via IFRAME

Access Controls and Parameter Tampering

Burp Proxy Histroy for endpoint discovery

Arjun for hidden end point discovery

CSRF Discovery/Detection

SSRF Parameter Detection/Discovery

XSS and SSTI Discovery/Detection

Rate Limits

Directory Brute-Force

HTTP Request Smuggling

Open Redirect via WaybackURLs

Social-SignOn Bypass

Possible DOS vial multiple Cookies injection

File Upload via CSRF, XSS, SSRF, RCE, LFI, XXE

Buffer Overflow

AMASS (in Rengine?)

Nuclei (in Regine)

GoSpider

gau (get all urls)

Nikto

Rengine

Features